Hey guys, I'm not really a programmer or anything and I don't know anything about the hardware in the PS3, but can I point out that I recently heard that people got Swap Magic working with the PS3 (since it is considered an original game by the PS2, so it must work with the PS3)? So my theory is that since Swap Magic can run exploits, maybe we can use Swap Magic to run exploits on the PS3.

Point well taken, BKATTACK! This just goes to show you don't necessarily have to be a DEV'er to help out here.

You are actually correct! PDX is actually using a hole in the PS2 hardware to essentially jump into PS3 mode (as it still does run). Once there, they have User Mode access and use a second hole/exploit (likely the LS hint mentioned) to escalate to Kernel Mode for running their ISO Loader, etc.

And again, you are correct on the console changes too... currently theirs doesn't work on PAL due to software. They can't get their exploit working because the PS2 is being emulated (different programming), so the hole is missing in action.

However, I have been told this is actually slightly "outdated" as of last night. I believe they have made some further progress (although I have no specifics on it at this time).

Reading the security brief on the Cell BE at http://www-128.ibm.com/developerwork...-cellsecurity/ we learn that one of the SPEs gets assigned the duty of secure execution during the Secure Boot process. When the PS3 goes into PS2 game mode, can we then safely assume that the SPE is taken out of secure execution mode, thereby allowing free rein on the hardware?

Well, swapping is out of the picture on a PS3, since it is a slot loader (unless someone wants to butcher their PS3)... if someone made it so the Swap Magic program installed on the PS3 rather than running off the disc, then it would be a way of playing burned copies of PS2 games.

Maybe using Swap Magic or the PS2 backup trick we can get a PS2 BIOS dump of an NTSC PS3 console and go from there?

Edit: We already know that we can run PS2 code with swap, but what code?? The PS3 does provide lots of resources for the PS2 side of things like USB, disc drive, memory card, network, etc... so again, what to run? What to try to exploit?

To be honest, guys, I don't think you're going to be able to use a Swap Magic method to find this hole. You would think that Sony would have patched that for sure. I may be wrong, but I highly doubt that any kind of Swap Magic stuff will help us here.

Does Action Replay Max work on the PS3? I seem to remember that program does some very funky crap with regards to hard and fast coding. If I remember, there was a way in later versions to run emulators from a CD-R? I think this was a separate exploit-type way of loading .elf files, because it didn't, as far as I recall, require rebooting the PS2. I will try to dig out some of my old documentation on the ARMAX; perhaps something will hit me.

Edit: OK, what we know about the PS2 exploit:

1) You NEED an original disc (be it PS1 or PS2); the bootloader has never truly been hacked from software alone. You need a PS1 disc to do the Independence Day hack, etc.

2) The exploit worked by interrupting the PS2's handover to the PS1. (How does the PS3 hand over to the PS2?)

OK, once again, not a dev here, but.... Let's try to break this into a staged process. First we need to get INTO PS2 mode, THEN we need to find the second exploit. So let's focus on getting into PS2 mode:

It has been confirmed that the system uses PS2 mode to jump BACK to PS3 mode. The Swap Magic thing is a possibility because it stops everything and waits for a signal from the user to continue. BUT, going back to the Ferrox loader that we saw a video of... she used the OtherOS area to launch. So, what I was thinking is that if the two exploits are similar, maybe a modification to a Linux kernel could redirect the system to somehow use PS2 mode. Others with more knowledge might be able to speculate better than I.

I've been a casual observer in the scene for a long time. One thing to note about PDX is that they do work in mysterious ways... thus, I wouldn't doubt if some little blue birdies visit the thread, drop some info and disappear, never to be seen or heard from again. BTW, thanks for the initial brainstorming, BK.

I'm pretty sure that Ferrox and PDX use different exploits, but it's a possibility that they use the same exploit. What I was thinking earlier is that Sony forgot to block all the access to the Emotion Engine in OtherOS mode, and PDX has found out how to write code to the EE in OtherOS mode; once they do that, they use a buffer overflow in the SPE to gain Kernel mode, thus allowing them to run their loader. I could be totally wrong though; that's just my hypothesis. It would be nice if PS3News could tell me if I was close or not.

Hmmm, if the exploit came from the PS2 hardware, and the PS3 has the ability to run PS2 games that are downloaded from the PlayStation Store (in the future, of course), maybe there might be a hack somewhere there. Of course that's a far shot...

The JAP and US PS3 consoles have both the PS2 CPU and GPU in hardware.

The EUR PS3 emulates the PS2 CPU via the Cell and still has the PS2 hardware GPU.

I would have thought the issue is that with the JAP/US PS3, when it executes PS2 code the hypervisor is out of the loop. If you find an exploit, you are in, even though still in some sort of protected environment.

However, on the EUR PS3, since the PS2 CPU is emulated by the Cell, the hypervisor will still be active. If that's the case, this is probably why they can no longer exploit it using the method found.